External News

Browse by Tags

• 0.0.0.0 Microsoft Strategy and Initiatives
• 0.1.0.0 Security and Privacy
• 0.1.1.0 Trustworthy Computing (TwC)
• 0.1.1.1 End to End Trust
• 4.0 Application Security
• 7.0 Security Foundations (Technology)
• 8.0 Security Foundations (Processes)
• Adobe Security
• ADWS
• Apple
• Attack
• attack vector
• bloggers
• BlueHat Security Briefings
• CanSecWest
• certificates
• Commentary
• Community-based Defense
• Computacion Confiable
• Crack
• Defend the Flag
• EcoStrat
• Emerging Threat
• exploitability
• Exploitability Index
• FSMO
• Fun
• geek
• general
• Hack
• Mac OS X
• Mail Sack
• Malware and Attack analysis
• Microsoft
• Microsoft Active Protections Program (MAPP)
• Microsoft Vulnerability Research (MSVR)
• Mitigations
• MMPC
• MSRC
• MSRC Ecosystem Strategy
• Noticias
• Patch Management
• Published on MS Security TechCenter
• Responsible Disclosure
• responsible/full disclosure
• risk assessment
• Sécurité
• Safari
• Security
• Security Advisory
• Security Assurance
• Security Bulletin
• Security Bulletin and Advisory Risk Analysis
• Security Bulletins
• Security Compliance Manager
• Security Conference Engagement
• Security Development Lifecycle (SDL)
• Security Ecosystem
• Security Engineering
• Security Guidance and Resources
• Security Research
• Security Tools
• Security Update Management
• SecurityGuy
• Seguridad
• Story
• Studies
• Trustworthy Computing
• TWC
• USMT
• Vista
• Vulnerabilities
• Vulnerability Handling
• z-Eventi
• z-MClips

• Blackhat DC: nuovo tool Attack Surface Analyzer e altre news su SDL

  [English readers: you can find English links in this post for your convenience] In occasione della Blackhat DC Security Conference, Microsoft sta annunciando il rilascio del nuovo tool Attack Surface Analyzer per supportare il processo di scrittura di... Posted Jan 18 2011, 04:38 AM by TechNet Blogs Filed under: Black Hat, Security Tools, Security Development Lifecycle (SDL), Published on MS Security TechCenter

• Friday Mail Sack: Mostly Edge Case Edition

  Hello all, Ned here again with this week’s conversations between AskDS and the rest of the world.  Today we talk Security, ADWS, FSMO upgrades, USMT, and why “Web 2.0 Internet” is still a poisonous wasteland of gross. Let’s do it to it. Question... Posted Aug 13 2010, 07:38 PM by TechNet Blogs Filed under: Security, certificates, Black Hat, USMT, FSMO, ADWS, Mail Sack, Security Compliance Manager

• MAPP – An Insider's view

  Intro Matt Watchinski here, Senior Director, Sourcefire Vulnerability Research Team (VRT). It’s that time of year again. The mercury is soaring above 100F, and I am crammed onto a “flying bus” heading out to Las Vegas to attend this... Posted Jul 29 2010, 02:55 PM by TechNet Blogs Filed under: Black Hat, Community-based Defense, Security Conference Engagement, Security Engineering, Security Research

• May You Live in Interesting Times

  Handle: StoneZ IRL: Adrian Stone Rank: Senior Security Program Manager Lead Likes: Predictive Analytics, Game Theory, Databases, Sports Cars, NFL Football, Direct People Dislikes: Losing, Liars, Posers, No Talent Clowns It was two years ago at Black Hat... Posted Jul 29 2010, 03:00 AM by TechNet Blogs Filed under: MMPC, Black Hat, Security Tools, Security Ecosystem, Microsoft Active Protections Program (MAPP), Attack, MSRC Ecosystem Strategy, Community-based Defense, Security Conference Engagement, Security Engineering, Security Research, Microsoft Vulnerability Research (MSVR), EcoStrat

• Annunci Microsoft al BlackHat USA 2010: collaborazione con Adobe, nuovo tool EMET e whitepapers

  [English readers: you can find English links in this post for your convenience] Valanga di annunci e novità da parte Microsoft in occasione dell’evento di sicurezza BlackHat USA 2010 appena iniziato: Microsoft News Center: Microsoft, Adobe Collaborate... Posted Jul 28 2010, 11:51 AM by TechNet Blogs Filed under: Black Hat, Adobe Security, Security Tools, Security Ecosystem, Published on MS Security TechCenter, Security Guidance and Resources

• The EMET 2.0 Training Video has arrived!

  Hey there, I'm pleased to announce that the BlueHat team has partnered with the dynamic Microsoft Security Response Center (MSRC) Engineering duo of Andrew Roths and Fermin J. Serna on a training video previewing the new release, version 2.0, of the... Posted Jul 28 2010, 11:00 AM by TechNet Blogs Filed under: Black Hat, Security Conference Engagement, Security Engineering, Security Research, BlueHat Security Briefings, Emerging Threat

• Attacking SMS

  This year at BlackHat USA in Las Vegas , we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version... Posted Oct 19 2009, 12:05 PM by TechNet Blogs Filed under: attack vector, Black Hat, Attack, Security Conference Engagement, Security Engineering, Security Research, BlueHat Security Briefings

• Community Based Defense - Redux

  Handle: The Crushman IRL: Andrew Cushman Rank: Security Director Likes: Cranberry juice (thanks Jay!) Dislikes: Super helpful hotel desk clerks (thanks Raoul?) OMG it’s great to be back in Vegas again – the shows, the shopping, the nightlife, and let... Posted Jul 27 2009, 03:18 AM by TechNet Blogs Filed under: Black Hat, exploitability, Security Ecosystem, Exploitability Index, Microsoft Active Protections Program (MAPP), MSRC Ecosystem Strategy, Community-based Defense, Security Conference Engagement, Security Engineering, Security Research, Responsible Disclosure, Microsoft Vulnerability Research (MSVR), Security Assurance

• The year-end review – well, sort of :)

  Handle: Cap'n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run Hey! It’s that time of year again... Posted Jul 27 2009, 12:08 AM by TechNet Blogs Filed under: Mitigations, Black Hat, Security Bulletin, exploitability, Security Tools, Security Ecosystem, MSRC, Exploitability Index, Microsoft Active Protections Program (MAPP), MSRC Ecosystem Strategy, Community-based Defense, Security Conference Engagement, Security Engineering, Security Research, Responsible Disclosure, Security Advisory, Microsoft Vulnerability Research (MSVR)

• The Microsoft Security Community Videos: Through the Looking Glass

  Handle: EcoStrat's All-Stars IRL: TwC Security All-Star Guest Bloggers Likes: Security, Vulnerability Research & Science, Defense and Responsible Disclosure Dislikes: 0-day, FUD Take a gander as Billy Rios, Security Engineer, Business Online... Posted Jul 24 2009, 10:57 AM by TechNet Blogs Filed under: Black Hat, exploitability, Security Tools, Security Ecosystem, Security Development Lifecycle (SDL), risk assessment, MSRC Ecosystem Strategy, Community-based Defense, Security Engineering, Security Research, Responsible Disclosure

• Black Hat USA: Hoping what happens in Vegas doesn’t actually stay in Vegas…

  Handle: Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos... Posted Jul 22 2009, 11:27 AM by TechNet Blogs Filed under: Black Hat, Security Ecosystem, MSRC Ecosystem Strategy, Community-based Defense, Security Conference Engagement

• Black Hat 2008: Microsoft Security Vulnerability Research (MSVR)

  Riprendendo il filo da dove l'avevo interrotto (scappando in ferie ;-) mi restava da condividere l'ultimo annuncio fatto da Microsoft in occasione del Black Hat 2008 , che, tra l'altro, non mi sembra sia stato ripreso da altre fonti informative... Posted Sep 08 2008, 09:23 AM by TechNet Blogs Filed under: Black Hat, responsible/full disclosure, 0.1.0.0 Security and Privacy, 0.1.1.1 End to End Trust, 0.1.1.0 Trustworthy Computing (TwC), 0.0.0.0 Microsoft Strategy and Initiatives, Vulnerability Handling, Security Ecosystem, Security Update Management, 4.0 Application Security, Security Development Lifecycle (SDL)

• Nuevos programas de Seguridad

  La semana recién pasada en Black Hat hicimos varios anuncios respecto de nuevos programas de seguridad orientados a mejorar la experiencia de nuestro ecosistema con nuestro trabajo en seguridad. En este mismo blog pudieron leer del nuevo canal de... Posted Aug 12 2008, 10:27 PM by TechNet Blogs Filed under: Seguridad, Noticias, TWC, Trustworthy Computing, Black Hat, Computacion Confiable

• Black Hat et annonces Microsoft

  Le Black Hat USA 2008 a été l'occasion pour Microsoft d'annoncer trois nouveaux programmes : Exploitability Index : système de notation des vulnérabilités traitées dans les bulletins de sécurité, selon leur... Posted Aug 08 2008, 02:21 AM by TechNet Blogs Filed under: Sécurité, Patch Management, Black Hat

• Retour sur le Black Hat

  Live from Las Vegas ! Le Black Hat USA 2008 vient de se terminer au Caesars Palace de Las Vegas, où l'on oublierait presque qu'il fait plus de 40°C à l'extérieur de l'hôtel-casino... Voici quelques mots sur les... Posted Aug 08 2008, 02:20 AM by TechNet Blogs Filed under: Sécurité, Black Hat

• The Four Horsemen of CLeopatra's Barge

  One of the more interesting session I went to yesterday was a talk by Chris Hoff called " The Four Horsemen of the Virtualization Apocalypse ." (If you've never read Hoff's blog, you should check it out at http://rationalsecurity.typepad... Posted Aug 07 2008, 03:36 PM by TechNet Blogs Filed under: Security, Fun, general, geek, bloggers, Black Hat

• Black Hat : Got2 Luv the H8ers

  So, this afternoon, I'm in the Microsoft booth at Black Hat when this guy comes up (badge hidden of course) and starts talking to some of my colleagues. Right away, it was pretty obvious that he was antagonistic. I will refer to him as "h8er"... Posted Aug 07 2008, 12:07 AM by TechNet Blogs Filed under: Security, Vista, Microsoft, Mac OS X, geek, Black Hat, Story

• Live from the ?Configuresoft? Conference

  I thought I'd share a quick story from Black Hat. So, I went Caesar's and headed back to the conference area to register and get my badge. As I neared the escalators, I started seeing a lot of folks with badges on that said "Configuresoft... Posted Aug 06 2008, 08:47 PM by TechNet Blogs Filed under: Black Hat

• Exploitability Index - More Information for Customers

  Yesterday at Black Hat 2008, along with some other stuff , we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking... Posted Aug 06 2008, 11:20 AM by TechNet Blogs Filed under: Security, Microsoft, Commentary, Vulnerabilities, Black Hat, Security Bulletins, MSRC, SecurityGuy, Exploitability Index

• Black Hat 2008: Microsoft Active Protections Program (MAPP)

  Come per l'annuncio del Microsoft Exploitability Index nel post precedente , anche per quest'annuncio può essere utile darvi un po' di indicazioni storiche e di contesto. Forse, infatti, non tutti sanno che fino ad ora l'approccio... Posted Aug 06 2008, 11:06 AM by TechNet Blogs Filed under: Black Hat, 0.1.0.0 Security and Privacy, 0.1.1.1 End to End Trust, 0.1.1.0 Trustworthy Computing (TwC), 0.0.0.0 Microsoft Strategy and Initiatives, Vulnerability Handling, Security Ecosystem, Security Update Management, 8.0 Security Foundations (Processes), Microsoft Active Protections Program (MAPP)

• Black Hat 2008: Microsoft Exploitability Index

  La parola che molti clienti diranno alla vista di questo annuncio è: finalmente! L'attività di security advisoring che io e il mio team Premier Center for Security (PCfS) abbiamo da sempre realizzato in corrispondenza del rilascio dei bollettini... Posted Aug 06 2008, 09:04 AM by TechNet Blogs Filed under: Black Hat, Vulnerability Handling, 7.0 Security Foundations (Technology), Security Update Management, Malware and Attack analysis, Security Bulletin and Advisory Risk Analysis, 8.0 Security Foundations (Processes)

• Black Hat 2008: si parte con il nuovo blog del team MSRC Ecosystem Strategy!

  Ho appena lanciato su MClips la chiave di lettura dell'importante partecipazione di Microsoft all'evento di sicurezza più atteso dell'anno, il Black Hat ! Black Hat 2008: è tempo di Community-Based Defense! Come ho indicato, sarà... Posted Aug 05 2008, 05:00 AM by TechNet Blogs Filed under: z-Eventi, Black Hat, 0.1.0.0 Security and Privacy, 0.1.1.1 End to End Trust, 0.1.1.0 Trustworthy Computing (TwC), z-MClips, 0.0.0.0 Microsoft Strategy and Initiatives, Vulnerability Handling, Security Ecosystem

• Defend the Flag: The Roguery Abounds!

  The air was thick with adrenaline and action as the teams battled each other for the top spot at Microsoft’s Defend the Flag (DTF) training at Black Hat USA. The heat of Vegas seems a fitting place for such contests, pitting attacker against victim, in... Posted Aug 04 2008, 03:52 AM by TechNet Blogs Filed under: Black Hat, Defend the Flag

• Mac OS X Security - Reality Check #2

  First, let me express a caveat. I don't really care for "hack the box" contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right... Posted Mar 27 2008, 05:43 PM by TechNet Blogs Filed under: Security, Microsoft, Apple, Mac OS X, CanSecWest, Safari, Crack, Hack, Black Hat

• Mac OS X Security - Reality Check #1

  As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am even happier when others do it. I think Apple has really taken a playbook from Oracle (ie, "Unbreakable marketing") with respect to security in... Posted Mar 27 2008, 05:32 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Mac OS X, Black Hat